<?php
$page_title = "Fifaonline.ro | Campionate fifa virtuale | Stiri sportive";
include_once("top.php");
?>
<?php
require_once ("/includes/mysql_connect.php"); //Realizeaza conexiunea la baza de date.
if(isset($_GET['id']))
{
	$id1 = $_GET['id'];

	$request = "SELECT * FROM articole WHERE article_id =" .$id1. "";
	$result = mysql_query($request);
	if(mysql_num_rows($result) == 0)
	{ 
		$id1 = FALSE;
		$alert = "Acest id nu exista";
	}
	else
	{
		$alert = FALSE;
	}
}
else
{
	
	$id1 = FALSE;
	header("Location:index.php");
}
?>
<?php

if($id1) {
$request = "SELECT * FROM articole WHERE article_id =" .$id1. "";
$result2 = @mysql_query($request);


while ($row = mysql_fetch_array($result2)) {
	$postValue = $row['article_id'];
	$filename = 'C:/wamp/www/uploads/'.$postValue.'.jpg';
	$id = $row['article_id'];
	if ($id == $id1) {
		echo "<h1>".$row['title']."</h1>";
		echo "<hr  color='#CCCCCC' width='500px' align='left' />";
		echo "<p class='post'>";
		if (file_exists($filename))
		{
			echo "<img src='".$filename."' align='right' width='200' height='240'>".$row['content']."</p>";
		}
		else
		{
			echo $row['content'];
			echo "</p>";
		}
		echo "<br><br>";
	}
	
$query = "SELECT first_name, subject, comment, comment_date FROM comments WHERE news_id=".$id1."";
$result = mysql_query($query);

echo "<h4 class='comment'>Comments:</h4>";
while ($row = mysql_fetch_array($result))
{
	echo "<p class='name'>".$row['first_name'].":</p>";
	echo "<p class='comment'>".$row['comment']."</p>";
	echo "<font size=-2>".$row['comment_date']."</font>";
	echo "<br><br>";
}
echo"<br>";
if(isset($_POST["submitted"]))
{	
	//Verifica existenta prenumelui
	if(empty($_POST["first_name"]))
		{
			$errors[] = 'Ai uitat sa scrii numele';
			$first_name = FALSE;			
		}
		elseif(stripslashes(trim($_POST["first_name"])))
		{
			$first_name = htmlentities(stripslashes(trim(mysql_real_escape_string($_POST["first_name"]))));
		}
		
		//Verifica existenta emailului
		if(empty($_POST["email"]))
		{
			$errors[] = 'Ai uitat sa scrii adresa de email';
			$email = FALSE;
		}
		elseif(stripslashes(trim($_POST['email'])))
		{
			$email = htmlentities(stripslashes(trim(mysql_real_escape_string($_POST["email"]))));
			
		}
		
		//Verifica commentul
		if(empty($_POST["comment"]))
		{
			$errors[] = 'Ai uitat sa scrii comentariul';
			$comment = FALSE;
		}
		elseif(stripslashes(trim($_POST['comment'])))
		{
			$comment = htmlentities(stripslashes(trim(mysql_real_escape_string($_POST['comment']))));
		}
		if(empty($errors))
		{
			$query = "INSERT INTO comments (first_name, email, comment, news_id, comment_date) VALUES ('$first_name', '$email', '$comment', $id1, NOW() )";
			$result = mysql_query($query) or trigger_error("Query: $query\n<br>MySQL Error:" . mysql_error());
			echo "<b>Comentariul tau este in curs de validare. Multumim!</b> ";
			header( 'Location: http://localhost/newsbyid.php?id='.$id1 . '' ) ;
		}
		else
		{
			echo "<font color = 'red'><small>
			<p>Au aparut urmatoarele erori:<br>";
			foreach ($errors as $msg) //Afiseaza fiecare erorare
			{
				echo "-$msg<br>\n";
			}
			echo "<br>Please try again!</small></font>";
		}
		

	}
}
mysql_close();

?>
<fieldset>
<legend><h4 class="comment"><font size="-1">Comenteaza:</font></h4></legend>
<?php 
echo"<form action='newsbyid.php?id=". $id1 . "' method='post'>";?>
<table>
<tr>
<td><p class="post">Numele: </p></td><td><input type="text" name="first_name" value="" maxlength="15" size="35"></td></tr>
<tr><td><p class="post">Email: </p></td><td><input type="text" name="email" value="" size="35" maxlength="40"></td></tr>
<tr><td><p class="post">Comment: </p></td><td><textarea name="comment"></textarea></td></tr>
</table>
<p class="comment"><small>Toate campurile sunt obligatorii</small></p>
<input type="submit" name="submit" value="Posteaza"/>
<input type="hidden" name="submitted"/>
</form>
</fieldset>
<br><br>
<?php
}
elseif(!is_numeric($id1))
{
	echo "Acest id nu exista";	
}
else
{
	echo "Acest id nu exista";
} 
?>
<?php
include_once("end.php");
?>